
Renew SSL Certificate with Ingress

Process

  1. Verify Jetstack Helm repository is added
  2. Verify the ClusterIssuer is present
  3. Verify Secret, Certificate, and CertificateRequest
  4. Create Certificate Resource
  5. Create Ingress with TLS Configuration

Verify Jetstack Helm repository is added

helm repo list | grep jetstack || (helm repo add jetstack https://charts.jetstack.io && helm repo update)

Verify the ClusterIssuer is present

kubectl get clusterissuer letsencrypt-dns-cloudflare -o yaml

If the ClusterIssuer is missing, follow the steps in the initial SSL setup to create it.

Create Certificate Resource

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-tls-cert
  namespace: cert-manager
spec:
  secretName: example-tls-secret
  issuerRef:
    name: letsencrypt-dns-cloudflare
    kind: ClusterIssuer
  dnsNames:
    - example.com
    - '*.example.com'  # Wildcard certificate

Apply the certificate configuration:

kubectl apply -f certificate.yaml

Create Ingress with TLS Configuration

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: your-app-ingress
  annotations:
    # Specify the DNS challenge issuer
    cert-manager.io/cluster-issuer: letsencrypt-dns-cloudflare
    # Optional: Traefik specific annotations
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  ingressClassName: traefik
  tls:
  - hosts:
    - example.com
    - '*.example.com'  # Wildcard certificate
    secretName: example-tls-secret  # Secret must be in the same namespace as this Ingress
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: your-service
            port:
              number: 80

Apply the ingress configuration:

kubectl apply -f ingress.yaml

Verify Secret, Certificate, and CertificateRequest

Check if the secret exists:

kubectl get secret -n cert-manager

Check the certificate status:

kubectl get certificate -n cert-manager
kubectl describe certificate <certificate-name> -n cert-manager

Check the CertificateRequest:

kubectl get certificaterequest -n cert-manager
kubectl describe certificaterequest <certificate-request-name> -n cert-manager
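
An added example (not part of the original notes): a Python script that reads the JSON form of the certificate listing above and flags every Certificate that is not Ready, has expired, or is past its status.renewalTime without having been reissued. The sample data, the stuck-tls-cert name and the function names are constructed for illustration.

```python
import json
import sys
from datetime import datetime, timezone

# Constructed sample shaped like `kubectl get certificate -n cert-manager -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "cert-manager", "name": "example-tls-cert"},
     "status": {"conditions": [{"type": "Ready", "status": "True", "reason": "Ready"}],
                "notAfter": "2025-06-01T00:00:00Z",
                "renewalTime": "2025-05-02T00:00:00Z"}},
    {"metadata": {"namespace": "cert-manager", "name": "stuck-tls-cert"},
     "status": {"conditions": [{"type": "Ready", "status": "False",
                                "reason": "DoesNotExist"}]}},
]}

def parse_time(value):
    """Parse a status timestamp such as 2025-06-01T00:00:00Z; None stays None."""
    if value is None:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_certificates(cert_list, now=None):
    """Return (namespace/name, problem) for each Certificate needing attention."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for item in cert_list.get("items", []):
        meta, status = item["metadata"], item.get("status", {})
        name = f'{meta["namespace"]}/{meta["name"]}'
        ready = next((c for c in status.get("conditions", [])
                      if c.get("type") == "Ready"), {})
        not_after = parse_time(status.get("notAfter"))
        renewal = parse_time(status.get("renewalTime"))
        if ready.get("status") != "True":
            findings.append((name, f'not ready: {ready.get("reason", "no Ready condition")}'))
        elif not_after and not_after <= now:
            findings.append((name, f'expired at {status["notAfter"]}'))
        elif renewal and renewal <= now:
            # cert-manager should have reissued at renewalTime; still being
            # past it means the renewal is stuck or failing.
            findings.append((name, f'renewal overdue since {status["renewalTime"]}'))
    return findings

if __name__ == "__main__":
    # Pass "-" to read real kubectl JSON from stdin; otherwise use the sample.
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    problems = audit_certificates(data)
    for name, problem in problems:
        print(f"{name}: {problem}")
    sys.exit(1 if problems else 0)
```

Against a live cluster, pipe the listing in: kubectl get certificate -n cert-manager -o json | python3 audit_certs.py - (the script file name is an assumption).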

Manual Certificate Renewal

If needed, manually trigger renewal:

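# Requires the cmctl CLI. The cert-manager.io/renew-before annotation is only read from Ingress resources and does not trigger renewal when set on a Certificate.
cmctl renew example-tls-cert --namespace cert-manager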